Coda File System

Re: Solved(?): Coda access rights problem

From: Jan Harkes <jaharkes_at_cs.cmu.edu>
Date: Thu, 18 Mar 2004 22:31:40 -0500
On Fri, Mar 19, 2004 at 12:04:11AM +0100, Ivan Popov wrote:
> On Thu, 18 Mar 2004, Jan Harkes wrote:
> > > the "realms" file do not work, unless they contain a dot '.'
> > > Hostnames on my "domainless" net do not work either...
> >
> > Correct, you need to have at least a single '.' in the realm name. This
> 
> > It also makes the globally unique naming scheme actually _globally
> > unique_.
> 
> I really like the point.
> My only "problem" was that I was not aware of this check.

Well, the code used to append a '.' to the name we are searching for to
prevent DNS from trying the locally defined search domains. But we found
that that broke the /etc/hosts lookup on some systems.

So now we're using an (undocumented?) special flag for the resolver
library in combination with a test for at least a single '.' in the
name. It really is nothing more than a simple heuristic and can still be
fooled, i.e. any access to /coda/.foo, or /coda/a.foo will still trigger
a useless DNS lookup that hits the root servers. But that is in my mind
a better solution than trying to hardcode acceptable top-level domains.

I can envision that some day people might not want their Coda clients to
connect to servers in a .pron domain. However, policies like that are
probably better placed at a DNS proxy server on the firewall.

I'm still not sure why ip-address based resolution failed. Maybe an
older inverted test slipped back in with the IPv6 patches.

Jan
Received on 2004-03-18 22:33:21
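
The dot heuristic described in the message above, as an added sketch that is not part of the original post or the Coda source. The function and enum names are hypothetical, and checking numeric address literals before the dot test is an assumption of this sketch, not a diagnosis of the IP-address failure mentioned in the post.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this sketch; not identifiers from the Coda source. */
enum realm_action {
    REALM_REJECT,     /* no '.': never handed to the resolver */
    REALM_ADDRESS,    /* numeric IPv4/IPv6 literal: no DNS query needed */
    REALM_DNS_LOOKUP  /* passes the dot test: the resolver is queried */
};

/* Classify a name accessed under /coda with the "at least one dot" test. */
enum realm_action classify_realm(const char *name)
{
    unsigned char addr[sizeof(struct in6_addr)];

    if (name == NULL || *name == '\0')
        return REALM_REJECT;
    /* Assumption: literals are checked first, so "2001:db8::1" (no dot) passes. */
    if (inet_pton(AF_INET, name, addr) == 1 || inet_pton(AF_INET6, name, addr) == 1)
        return REALM_ADDRESS;
    return strchr(name, '.') ? REALM_DNS_LOOKUP : REALM_REJECT;
}

/* Earlier approach: root the name with a trailing '.' so the resolver skips
 * its search domains. Returns 0 on success, -1 if buf is too small. */
int make_rooted(const char *name, char *buf, size_t len)
{
    size_t n = strlen(name);
    int rooted = n > 0 && name[n - 1] == '.';
    if (n + (rooted ? 0 : 1) + 1 > len)
        return -1;
    memcpy(buf, name, n);
    if (!rooted)
        buf[n++] = '.';
    buf[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample names; ".foo" and "a.foo" are the cases from the post. */
    const char *names[] = { "myserver", ".foo", "a.foo", "192.0.2.10", "2001:db8::1" };
    static const char *label[] = { "reject", "address", "dns-lookup" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-12s -> %s\n", names[i], label[classify_realm(names[i])]);
    return 0;
}
```

Names classified as `dns-lookup` are the ones that leave the client as DNS queries, so a filtering policy at a DNS proxy would see exactly that set.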